cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Mobile Application Management and MFA

David Gorman
Steel Contributor

‎Mar 04 2019 03:58 AM

‎Mar 04 2019 03:58 AM

Mobile Application Management and MFA

Hi all,

 

I've setup a CA policy for a test user. The user must use the required app and MFA to access Exchange Online. We also want a PIN number for the app itself.

 

Should this setup work? If the user opens Outlook, should Outlook prompt for MFA and then the PIN number?

1,343 Views
0 Likes
2 Replies
Reply
2 Replies
Oliver Kieselbach

‎Mar 04 2019 04:28 AM

‎Mar 04 2019 04:28 AM

Re: Mobile Application Management and MFA

Hi David,

 

you can enforce MFA on the CA side or on the user-level. MFA in general does have a caching (refresh token). As long as your token will be flagged as strong authentication you don't need to do MFA again, so you can use the token to get access to something. 

If you do on top now Intune App Protection Policies (aka MAM) then you can enforce "Access requirements" for Outlook to prompt the user for a PIN on start. This would require the user to enter the PIN every time the user starts regardless of your authentication token. 

This is totally a valid setup, have seen several environments running this.

 

best,

Oliver

0 Likes
Reply
David Gorman

‎Mar 04 2019 04:48 AM

‎Mar 04 2019 04:48 AM

Re: Mobile Application Management and MFA

Thanks @Oliver Kieselbach . I think the PIN number will probably satisfy everything really. Much appreciated.

1 Like
Reply